gandcrab | 8da137d4bb38b0153e6a8b233a35450d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8da137d4bb38b0153e6a8b233a35450d_JaffaCakes118
Size

69KB
MD5

8da137d4bb38b0153e6a8b233a35450d
SHA1

92b945708dce3c375efaa990b7a9130a1d5c29d9
SHA256

e53224e33262068af6fd95446ad228dc9fe41d0e2f83396d3b4b2d4c2f1abeb6
SHA512

3fb51d6d7e2c798f750a5a7034c5690edee7948fb00cf5562ecaa4c1d9e97e888f69548244c80f5942f20220e480b6c717a2c0a25d152d930d9a0ced759749a6
SSDEEP

1536:MZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAmMqqU+2bbbAV2/S2Lccu:yBounVyFHjMqqDL2/Lcc

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8da137d4bb38b0153e6a8b233a35450d_JaffaCakes118

Files

8da137d4bb38b0153e6a8b233a35450d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ